Cannot contact any KDC for real 'TR.LAB' while getting initial credentials
Greg Hudson
ghudson at mit.edu
Sun Jan 18 12:32:42 EST 2015
I don't think your image attachments made it through the mailing list
server.
Single-component KDC hostnames should not cause a problem as long as the
client can resolve them. If you are using an MIT krb5 client, the best
way to get more insight is to use "env KRB5_TRACE=filename kinit ..."
and look at the file for messages like:
Resolving hostname equal-rites.mit.edu
Sending initial UDP request to dgram 127.0.1.1:61000
On 01/17/2015 01:06 AM, Zaid Arafeh wrote:
> Hello,
> I'd like your help please
> BackgroundI stood up a test Kerberos KDC with hostname kdc, I can get tickets locally on the kdc itself and I can run kadmin successfully. firewall is disabled on KDCI stood up a host named CLI, I sync'ed the krb5.conf from the KDC. I added the IP address for kdc in the /etc/hosts file and /etc/resolv.conf and I am able to ping the KDC
> ProblemWhen I run kinit or kadmin on the client, I get the following error "Cannot contact any KDC for real 'TR.LAB' while getting initial credentials"I tried this from multiple hosts that have krb5.conf sync'ed same problem
> here are snaptshots of my config (question follows)
>
>
>
>
> Could the fact that Im running single label hosts (not FQDN) be the cause?What could be the problem if Im able to reach the KDC by all other means (SCP, Ping etc)
>
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list